6 matches found

EUVD
added 2026/04/14 6:30 p.m., 3 views

EUVD-2026-22340

An integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an attacker to cause a denial of service via...

4.9 CVSS, 5.8 AI score, 0.00139 EPSS
Exploits: 0, References: 2
CVE
added 2026/03/10 4:44 p.m., 11 views

CVE-2026-24641

Fortinet FortiWeb contains a NULL pointer dereference (CWE-476) that can crash the HTTP daemon. Affected products/versions: FortiWeb 8.0.0–8.0.2; 7.6.0–7.6.6; 7.4 All; 7.2 All; 7.0 All. An authenticated attacker can trigger via crafted HTTP requests. Impact: Availability loss (LOW per CVSS 3.1), ...

6.5 CVSS, 5.8 AI score, 0.00136 EPSS
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2025/08/12 12:0 a.m., 5 views

PT-2025-32883

Name of the Vulnerable Software and Affected Versions: Fortinet FortiWeb versions 7.0 through 7.6; Fortinet FortiWeb versions 7.6.3 and below; Fortinet FortiWeb versions 7.4.7 and below; Fortinet FortiWeb versions 7.2.10 and below; Fortinet FortiWeb versions 7.0.10 and below. Description: An improper...

8.1 CVSS, 7.3 AI score, 0.30509 EPSS
Exploits: 4, References: 79
Tenable Nessus
added 2024/07/10 12:0 a.m., 24 views

Fortinet FortiWeb - Lack of client-side certificate validation when establishing secure connections (FG-IR-22-326)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-326 advisory. - An improper certificate validation vulnerability CWE-295 in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions...

4.8 CVSS, 5.6 AI score, 0.002 EPSS
Exploits: 0, References: 2
Cvelist
added 2023/02/16 6:5 p.m., 18 views

CVE-2022-30299

A path traversal vulnerability CWE-23 in the API of FortiWeb 7.0.0 through 7.0.1, 6.3.0 through 6.3.19, 6.4 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions may allow an authenticated attacker to retrieve specific parts of files from the underlying file system via specially...

5.3 CVSS, 5.5 AI score, 0.00504 EPSS
Exploits: 0, References: 1
Cvelist
added 2023/02/16 6:5 p.m., 11 views

CVE-2022-30300

A relative path traversal vulnerability CWE-23 in FortiWeb 7.0.0 through 7.0.1, 6.3.6 through 6.3.18, 6.4 all versions may allow an authenticated attacker to obtain unauthorized access to files and data via specifically crafted HTTP GET requests...

6.5 CVSS, 6.5 AI score, 0.0046 EPSS
Exploits: 0, References: 1